Will anyone comment on the practice of large enterprises using non RFC1918 IP space that other entities are assigned by ARIN for internal routing?
Just curious as to how wide spread this might be. I just heard of this happening with a large ISP and never really thought about it until now.
Robert
Had a previous employee or I discovered it on the network segment after we had some weird routing issues and had to get that cleaned up. I don't know why anyone would do that when there is tons of private IP space.
It is more common than you would think\. Why use public IP's when you can have many rfc1918 options\. Always amazes me after the initial confusion\.
RichardRFC1918 isn't big enough to cover all use cases. Think about a large
internet service providers. If you have ten million customers, 10.0.0.0/8
would be enough to number modems, but what happens when you need to number
video set top boxes and voice end points? I don't think anyone goes out and
says "Lets go use someone else's space, because I don't want to use this
perfectly good private space".
Will anyone comment on the practice of large enterprises using non RFC1918 IP space that other entities are assigned by ARIN for internal routing?
Just curious as to how wide spread this might be. I just heard of this happening with a large ISP and never really thought about it until now.
every time I seen a traceroute with 11/8 22/8 26/8 in it I am duly
impressed.
I worked alongside a company that used addresses assigned to the Syrian
govt for their "guest" network. They were a pretty large org, presumably
this was done to reduce risk - firewall rules, accidentally leaking guest
prefixes to their internal nets, or just straight-up simplicity. They were
in a pretty heavily regulated industry with restrictions on what companies
they could do business with, so there probably wasn't a huge risk of
reachability
issues.
Unless there isn't.. I've worked at more than one company that had used up all the private space. Then you have the cases where some M&A causes overlapping IP space. In addition, you'd also be surprised how many people just assign the entire 10/8 space into a flat IP space.
-j
Will anyone comment on the practice of large enterprises using non RFC1918
IP space that other entities are assigned by ARIN for internal routing?Just curious as to how wide spread this might be. I just heard of this
happening with a large ISP and never really thought about it until now.Robert
To answer your question, it is not uncommon. It is bad, but you do what you
have to do when rfc1918 is tied up
Or places like Ontario, where the government runs a registry service for
net 10/8 because we're all interconnecting our private networks over VPNs
and there were too many NATs.
Matt Hoppes <mattlists@rivervalleyinternet.net> writes:
Had a previous employee or I discovered it on the network segment after
we had some weird routing issues and had to get that cleaned up. I don't
know why anyone would do that when there is tons of private IP space.
Excuse 1: "We'll never connect to the internet!"
Excuse 2: "It's only temporary!"
Excuse 3: Typo (At some customers customer I found 192.!168 address which
where apparently a typo but in use for years so nobody wanted
to change it.) I also know one company who is using (has
used?) 2001:8db::/48. I suggested to get v6 PI an properly
implement IPv6 but never heard from them again.
Excuse 4: "We used the addresses from out training material." - I heard
this story some time ago: A large German government agency
wanted to implement IP(v4) and the people attended a course
about this new TCP/IP stuff at $Vendor. The training material
was prepared by a student who was using his university's /16 as
an example.
BTW: Is the Cisco WLC 1.1.1.1 as default address for DHCP?
Jens
I had a vendor at $dayjob prior to my arrival who assigned all their
customers ip space based on the customer number. when i got there all the
internal network was assigned space from an company in the middle east.
$dayjob didn't have the in-house knowledge to know what was going on and as
they never worried about the middle east it didn't affect their business.
Robert,
I’ve heard of two cases recently, large companies (non carrier/ISP). One company looking to solve challenge with IPv6 and 6to4 and DNS.
Also curious how wide-spread this is? Maybe just the kick in the butt for catching the elusive IPv6 unicorn?
~Richard
Hi,
I know of some enterprise IT equipment that does this. It was reserved space at the time it was picked.
It does not leak from the box, but every once in a while one of these IPs show up in a customer visible log, and causes confusion.
In ways it is better then rfc 1918 space as it has less chance of conflicting with a management network.
Harry
Apologies for not responding sooner.
This came to light with me on a forum where someone posted that they thought it strange that their MTA received an IP that is assigned to the DoD DNIC.
Where I work I have the opposite issue. They have a lot of public IPv4 space and only use it internally never be advertised to the internet. Something I have never agreed
With doing.
Robert
As another data point, Microsoft is using parts of UK MoD's 25/8 for
their hosted Exchange and Outlook infrastructure. Some references,
<https://social.technet.microsoft.com/Forums/lync/en-US/7466816a-fd8c-4d9c-a605-03c0ef046ff6/>
-s
Apologies for not responding sooner.
This came to light with me on a forum where someone posted that they thought it strange that their MTA received an IP that is assigned to the DoD DNIC.
Where I work I have the opposite issue. They have a lot of public IPv4 space and only use it internally never be advertised to the internet. Something I have never agreed
With doing.Robert
Why? This is a perfectly legitimate use of the IP addresses. The purpose of assigning addresses is so that they are unique WORLD WIDE in whatever context you wish to use them in.
Mark
I going to guess you were talking about the use internally of public IP addresses..
But there are rules governing what to use where. So it is OK to hoard publicly addressable IPv4 IP's for internal
use that will never reach the outside world? No the way I have been taught.
Maybe I just lack that big picture..
Robert
Missent.
Welcome to IPv6, where you have technically-reserved-for-future-use space that should never actually need to be used. Quite likely, you can use something like 440::/16 as your private space, but please don't do that unless you've exhausted the true private space.
You're welcome.
some fun examples of the size of ipv6:
https://samsclass.info/ipv6/exhaustion-2016.htm
https://www.reddit.com/r/theydidthemath/comments/2qxgxw/self_just_how_big_is_ipv6/
My previous employer used 198.18/15 for CE links on IPVPN services.
Walgreens used an American SP's space internally and couldn't talk to
any users in that space as a result.